ByteOS Network

NVD Vulnerability Details :

CVE-2019-19758

Analyzed

Source-psirt@lenovo.com

Published At-14 Feb, 2020 | 17:15

Updated At-27 Feb, 2020 | 14:16

A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N

CPE Matches

Lenovo Group Limited

>>ez_media_\&_backup_center_ix2>>-

cpe:2.3:h:lenovo:ez_media_\&_backup_center_ix2:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>ez_media_\&_backup_center_ix2_firmware>>Versions up to 4.1.406.34763(inclusive)

cpe:2.3:o:lenovo:ez_media_\&_backup_center_ix2_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ez_media_\&_backup_center_ix2-dl_firmware>>Versions up to -4.1.406.34763(inclusive)

cpe:2.3:o:lenovo:ez_media_\&_backup_center_ix2-dl_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>ez_media_\&_backup_center_ix2-dl>>-

cpe:2.3:h:lenovo:ez_media_\&_backup_center_ix2-dl:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-601	Primary	nvd@nist.gov
CWE-601	Secondary	psirt@lenovo.com

References

Hyperlink	Source	Resource
https://support.lenovo.com/us/en/product_security/LEN-30242	psirt@lenovo.com	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History